Can the Linux user space call the SCFW API?

0xC80 = 3200 bytes = 800 words.

Word 722 (decimal) is at byte offset 0xB48, which reads 0x00000000 in your dump. Try hexdump -v, so that hexdump does not squeeze lines.

I must confess I never tried and burn fuses through nvmem, but the Linux driver seems to support it.

Assuming I can write the SRK fuses, just reading the values at the offset returns an error:

dd if=/sys/devices/platform/scu/scu\:imx8qm-ocotp/imx-scu-ocotp0/nvmem skip=452 bs=4 count=1 | hexdump -v

I get "Invalid argument"

452 is the MAC1_ADDR

(assuming I have not screwed that up..)

cat /sys/.../nvmem | dd skip=452 bs=4 count=1 | hexdump -v

dd'ing directly from a sysfs pseudo-file probably does not work out very well.

would that not also apply to a dd write?

I am afraid so. But a small C program should do the trick.

fd = open(NVMEM_PATH, O_RDONLY);
pread(fd, &fuse_value, 4, fuse_word_offset);
close(fd);

same for writing with pwrite.

The c program works as long as a seek is not involved. Either pread or read with a seek beforehand returns all zeros.

If I read the whole beginning of the file (I am reading the unique id as a test at offset 0x40), I get the correct 8 bytes, but seek'ing returna all zeros.

This is such a great exact science (not!) with all the articles saying fuses are not supported, then the drivers support read/write, then the drivers dropped write only to allegedly have write added back in.  There is more to this and I would love to hear an authority on the nvmem driver to this layman (like the author Peng Fan)... But I hope too much.

Thanks for the help, and I an assuming that the original question about SCFW API can only be accessed from kernel space (which is no help).

I guess I will have to go with my silly idea of using uboot scripts which in our case is not the most efficient way.

P.S.

"Crucible" works great on the imx8mp for reading/writing fuses in Linux, but unfortunately does not  support imx8 Quad Max (I guess because of security model).

Either pread or read with a seek beforehand returns all zeros.

pread/pwrite work for me. No seek beforehand, just specify the offset as the fourth argument: pread(fd, &value, 4, 16) returns the first word of the unique ID. Similarly, I could burn the MAC fuse with pwrite.

Using 6.1.22_2.0.0 release (6.1.22 kernel), on i.MX 8QXP - but QM should be similar.

Admittedly the pread manpage mentions that the file opened must be capable of seeking. So not sure why this works, or if it is a lucky coincidence on my side. Or a compiler dependency: for the sake of speed, I compile using ubuntu aarch64_linux_gnu- Xcompiler and linking statically.

Unfortunately, even Uboot cannot write the first fuse for using secure boot:

@https://community.nxp.com/t5/i-MX-Processors/imx8-Quad-Max-uboot-fuse-prog-ERROR/m-p/2048429#M23428...

Found that you get an update from other case and the version of imx-seco-3.8.5.bin can be helpful.

There is SECO_FW_release_note.pdf at imx-seco-3.8.5/firmware/seco/

Regards

Harvey

Unfortunately I am stuck on 5.10.72 (for now), so maybe older driver...